Thank you for your interest in BulletProof FTP Server.

Below is a list of HOWTO articles that have been written over the years to help customers in getting up and running with BulletProof FTP Server.Note: Some of the screen-shots show older versions of the software. The UI hasn’t changed much between different versions, but you might find some of the buttons labeled differently than what appears.

Opening Your Firewall

It’s VERY common that people think only one-port is needed for ftp (default: tcp/ip 21). However, this is not true.

FTP requires at least two ports, one for the control-port (used to login and issue commands, default tcp/ip 21) and a data-port (default tcp/ip 30000 to 30100). One data-port is needed for every concurrent data-connection, for this reason we suggest using a range of 100 ports which will handle most needs.

– Navigate to Management -> Security -> IP Access Control-Lists- Right-click and choose “Add IP/ACL”PLEASE NOTE: All rules should be added as a DENY rule (“-” minus) sign. Entering a ALLOW rule (“+” plus) will override the default rule of “+*.*.*.*” and turn IP/ACL into whitelist only, where all IPs are rejected unless an ALLOW rule is created.

Enter the IP Address to be banned. Please note that the “Refuse IP Address Access” should be chosen.PLEASE NOTE: All rules should be added as a DENY rule (“-” minus) sign. Entering a ALLOW rule (“+” plus) will override the default rule of “+*.*.*.*” and turn IP/ACL into whitelist only, where all IPs are rejected unless an ALLOW rule is created.

– Navigate to Server Monitor -> Log WatchIn this example, you’ll see the DENY rule being made for “-54.153.69.28″ and you’ll see the ftp-client disconnect and then attempt to reconnect again, only to be refused access.

– Navigate to User/Group Manager -> Edit User/Group -> Restrictions- Right-click and choose “Add IP/ACL”PLEASE NOTE: All rules should be added as a DENY rule (“-” minus) sign. Entering a ALLOW rule (“+” plus) will override the default rule of “+*.*.*.*” and turn IP/ACL into whitelist only, where all IPs are rejected unless an ALLOW rule is created.

Enter the IP Address to be banned. Please note that the “Allow IP Address Access” should be chosen, in order to restrict a user|group to a specific IP Address (aka whitelist)PLEASE NOTE: All rules should be added as a DENY rule (“-” minus) sign. Entering a ALLOW rule (“+” plus) will override the default rule of “+*.*.*.*” and turn IP/ACL into whitelist only, where all IPs are rejected unless an ALLOW rule is created.

– Navigate to Server Monitor -> Log WatchIn this example, you’ll see the ftp-client from “-54.153.69.28″ is denied. This is because the IP/ACL was converted to a “whitelist” with a single ALLOW rule and “+192.168.0.*” does not match the incoming ftp-client.

Today, we are proud to announce a new release of our BulletProof FTP Server for Windows. This release contains several fixes and improvements to the Events Manager -> SMTP and the handling of %VARIABLES when sending emails during OnEvents; like OnFileUpload. This version is a maintenance version of v2014.1.0.21, while v2015.1.0.22 is still in testing (which allows for Secure-FTP and includes a new ftp-engine).

This HOWTO video shows the process of executing the “reload” command at the command line to reload changes made to the USERS file.

1) BPS currently running as a SERVICE
2) Logging into BPS using “ftp.exe”
3) While the ftp-client is still connected
4) Change the “bpftpserver-users.ini” and edit the password
5) Issue the “bpftpserver -reload” command
6) BPS launches another instance to instruct the current instance to reload the configuration
7) The original ftp-client is still connected
8) Disconnect original ftp-client and try to login as old password (doesn’t work, since it was changed)
9) Try to login as the new password, it works.

Version 2014.1.0.20 - 2014-AUG-26
---------------------------------
* Improved: Management -> Settings -> NAT/Firewall -> Passive Data-Port Range: Symptom, sometimes a ftp-client unable to retrieve a directory or file-transfer as the result of a bad port sent with "227 Entering Passive Mode (1,2,3,4,0,21)" (where ip=1.2.3.4 and port=21 (0*256+21)). Resolved a problem in which it was possible for an incorrect data-port (tcp/ip 21) to be returned to the ftp-client on heavily used ftp-servers (or ones configured with minimal data-ports). This was due to the method in which a data-port was selected from the pool, after 5 attempts of randomly picking a port and finding it busy; the software returned 21, which is bad and not in the data-port range. Rewrote this portion of the program to pick ports and try them for a period of 30 seconds, before returning an exception in the software. Example of bad return "227 Entering Passive Mode (1,2,3,4,0,21)". In sampling, the error occurred 58 times out of 38608 with a pool of 100 ports during a 20 hour run-time on Aug 25th.

*** NOTE: Version 2014.1.0.19 is a quick fix of v2014.1.0.18 that resolves a problem with importing the Settings, Users/Groups from previous major versions (v2.x, v2010 v2011, v2013). The notes for this quick-fix are below, in addition to the notes for v2014.1.0.18 which constitute a significant release.

Version 2014.1.0.19 - 2014-AUG-22
---------------------------------
* Fixed: Management -> Auto|Manal-Import: Resolved a problem in Auto/Manual Import of previous version Settings, Users/Groups. (internal structure used to store these files was not being destroyed prior to new files being put into place, as a result the new files (aka imported) were being overwritten immediately by cached files stored in memory-structure)
* Fixed: STARTUP: On new installation and first-start, fixed a problem that crept up in 2014.1.0.18, in which the "Auto Import Migrate Settings, Users/Groups" wasn't being triggered if there were no current files found

Version 2014.1.0.18 - 2014-AUG-21
---------------------------------

A summary of this release comprises of:
- Fix for freezing during "Configuring..."
- Several speed enhancements for heavy use
- Improvements to help defend brute-force-attacks
- Support for importing information from older versions (Events, IP/ACL, Scheduler)
- Internal code changes to prepare for SFTP/FTPS (soon)
- Serveral cosmetic changes to the UI

x Fixed: FREEZE ON STARTUP: Condition found in which the program appears to "freeze" during "Configuring..." and will not respond; added a timeout value of 10 seconds before it gives up. Condition was triggered when the computer was FIREWALLED and OUTBOUND connections on tcp/ip port 80 are BLOCKED. (http web-get on "http://bpftpserver.com")

x Changed: INTERNAL-CODE: ARM added to bpftpserver-service.exe due to TBPSLicense inclusion in TBPSSettings

x Fixed: Management -> Events Manager: If an invalid file was specified for the EXE, an exception-error was incorrectly displayed as a result of a bug that displayed the filename for the file-not-found condition.

* Improved: Management -> Security Options -> IP Access Control-List -> Add IP/ACL: Applied constraints to the values entered in an effort to help make sure rules are
entered correctly. Only the following characters are valid for IP/DNS values: 0..9, A..Z, a..z, "*-[]."

+ Added: Management -> Security Options -> IP Access Control-List: Added notes at the bottom of the list of ACL to indicate that a "!" rule is from Anti-Hammer's "cool down" period.

x Fixed: Management -> Security Options -> IP Access Control-List: Rewrote the way the internal list of rules is mananaged in order to discover and correct null-pointer reference (EXCEPTION: BPSettings_BannedIPs.Assign())

x Fixed: Management -> Settings -> Scheduler: Added support of loading configuration data migrated from older versions of the software produced before JUNE 2011 (v2.x, v2010, and v2011.0.1.63).

* Improved: Management -> Settings -> Visual and Misc -> "TrayIcon: Send Minimized program to the System-Tray as Tray-Icon": If the program is minimized as a tray-icon *and* another copy is started, the original instance is brought to the foreground. If it was minimized as tray-icon, it will now come out of tray-icon as well.

x Fixed: Management -> Settings -> Windows System Service: If the service was turned-off and the GUI was started when the SERVICE was originally running: made change *not* to start SERVICE after terminating GUI (as there's no point, it was deinstalled)

x Fixed: Management -> Settings -> Windows System Service: Resolved an issue where the SERVICE would not be installed, if the Override Storage-Path was defined

x Fixed: Server Monitor -> LogWatch -> Copy-To-Clipboard: If "Use Color" is turned on, resolved a problem where the text copied to the clipboard contained the 5 digit code + '~' (delimiter) for the color used on the line.

x Fixed: Server Monitor -> LogWatch: Fixed a problem which would send a blank-line to the log, if the "client" passed is NIL (TBPSLogging.LogIt.ReplaceLog() aborted if client==NIL)

* Improved: UNINSTALL: Fixed a problem which would cause the uninstallation of the service over-and-over-and-over (bpftpserver-uacadmin.exe) if the service was *NOT* installed. Error-Code of 14 was returned, installer appears to retry on errorlevel!=0

* Improved: User|Group Manager -> Edit -> Access -> Folders -> Right-Click "Add": Will now automatically navigate to the location of the first access-right or the currently highlighted access-right (Access-Rights will also be defaulted in the same way). (thx Paul E.)

* Changed: User|Group Manager -> Edit -> Virtual Folders -> Virtual Folders are only visible in User|Group-Account's "Home Folder": changed this to be the default, as I believe the option to have it display in every directory is confusing